RE: [Asterisk-Users] Asterisk behind NAT -- SIP config file
Why are the sip.conf extensions mentioned twice each? Also, if you * box is behind another firewall, by forward ports 5060 and 1-2 and maybe 5004 from the firewall to the * box will that help on the NAT issue? If phone 2 is behind another firewall, do you need to forward port 5060 only to that phone? Or some other ports...? I have read a lot of stuff about NAT and all the mayor flavors, still, Im having some problems with nat and some networks.. I need to do more testing using ethereal and other tools but I wanted to hear some basic thought on the subject. Thx! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rudolf Ladyzhenskii Sent: Viernes, 04 de Marzo de 2005 08:41 p.m. To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: [Asterisk-Users] Asterisk behind NAT -- SIP config file Hi, all This is the souktion that worked for me. Here is my config again >> PHONE 1 -- * BOX >> | >> NAT/Firewall >> | >> | >> NAT/Firewall >>| >>| >> PHONE 2 Firewall on Asterisk end is Linux RH9 with iptables. I have set it up to forward ports 5060, 1-2 to Asterisk. Firewall at PHONE 2 end is an off-the-shelf router. Firewall was disabled and I port forwarded port 5060 to the phone. Here is my sip.conf file: (PHONE1 is ext101, PHONE2 is ext102). ; SIP configuration file [general] port=5060 bindaddr=0.0.0.0 context=default externip= localnet=192.168.1.0/24 [ext101] type=user host=dynamic secret=ext101 context=default [ext101] type=peer secret=ext101 host=dynamic context=default callerid="Ext 101" [ext102] type=user nat=yes host=dynamic secret=ext102 context=default canreinvite=no [ext102] type=peer nat=yes secret=ext102 host=dynamic context=default callerid="Ext 102" canreinvite=no Hope it helps. Rudolf ___ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Asterisk behind NAT -- SIP config file
Why are the sip.conf extensions mentioned twice each? I am using Polycom SP300 phones. You have to separate 'user' and 'peer' part of it to get it working. Search the wiki for description of the problem. Also, if you * box is behind another firewall, by forward ports 5060 and 1-2 and maybe 5004 from the firewall to the * box will that help on the NAT issue? You have to forward port 5060 so that phone from outside can register and call. And ports 1-2 do that voice can go through. Actual port ranfge is isn filr rtp.conf. 1-2 is the default range If phone 2 is behind another firewall, do you need to forward port 5060 only to that phone? Or some other ports...? Yes, only port 5060. If you do not forward 5060, you can not call this phone from outside. Seem to work OK without other ports being forwarded. Rudolf ___ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] Asterisk behind NAT -- SIP config file
>I am using Polycom SP300 phones. You have to separate 'user' and 'peer' part of it to >>>get it working. Search the wiki for description of the problem. Nice to know ... I don't own any of those but its good general knowledge. >You have to forward port 5060 so that phone from outside can register and call. And >ports 1-2 do that voice can go through. Actual port ranfge is isn filr >>rtp.conf.> 1-2 is the default range Ive done this on the firewall infront of our * box. >Yes, only port 5060. If you do not forward 5060, you can not call this phone >from outside. Seem to work OK without other ports being forwarded. You mean on the remote sip phone firewall? What if there arem ore than 1 sip phone on that network behidn that firewall? Don't you need to forward ports 1-2 for voice? Or does the sip phones just open up the ports from inside (by doing the in to out calls and keep alives)? ___ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Asterisk behind NAT -- SIP config file
Yes, only port 5060. If you do not forward 5060, you can not call this phone from outside. Seem to work OK without other ports being forwarded. You mean on the remote sip phone firewall? What if there arem ore than 1 sip phone on that network behidn that firewall? Then you are in trouble. Asterisk only sees single public IP address. As far as it concerns there is only single phone out there. If you get multiple phones working, let me know. Another option, I think, may be using VPN, but I have not tried that. Then you can potentially have remote SIP phones to be on the "virtual" network. Don't you need to forward ports 1-2 for voice? Or does the sip phones just open up the ports from inside (by doing the in to out calls and keep alives)? I have mot tried to sniff on the traffic in details. I think, other ports are opened in responce to connection on port 5060. The only port listens at is port 5060. Rudolf ___ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] Asterisk behind NAT -- SIP config file
The VPN approach might resolv a lot of nat issues I guess... Depending on the scenario I guess.. You could put another * box inside the second nat and interconnect using IAX, or if using a single phone, just use your setup, and finally, if using 2 or more phones and cant put a second * box, well, the vpn solution, I wonder how to do it if you have ATAs and nost softphone on the second NATted LAN.. Well... In time I guess :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rudolf Ladyzhenskii Sent: Viernes, 04 de Marzo de 2005 10:20 p.m. To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [Asterisk-Users] Asterisk behind NAT -- SIP config file >>Yes, only port 5060. If you do not forward 5060, you can not call this > phone >>from outside. Seem to work OK without other ports being forwarded. > > You mean on the remote sip phone firewall? What if there arem ore than > 1 sip phone on that network behidn that firewall? Then you are in trouble. Asterisk only sees single public IP address. As far as it concerns there is only single phone out there. If you get multiple phones working, let me know. Another option, I think, may be using VPN, but I have not tried that. Then you can potentially have remote SIP phones to be on the "virtual" network. > > Don't you need to forward ports 1-2 for voice? Or does the sip > phones just open up the ports from inside (by doing the in to out > calls and keep alives)? > I have mot tried to sniff on the traffic in details. I think, other ports are opened in responce to connection on port 5060. The only port listens at is port 5060. Rudolf ___ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] Asterisk behind NAT -- SIP config file
I have used the Draytek 2600V router in a few locations where only 1 or 2 phones are required. The router has 2 FXS ports and can be used locally to an * box or via the VPN to a remote * box. The VPN built into the routers just works, and I have 1 user who has had 3 VPN circuits up and running now for 6 months solid. Not bad in this day and age for an ADSL to stay functional for so long without interruptions. Dave -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Anton Krall Sent: 05 March 2005 04:56 To: 'Asterisk Users Mailing List - Non-Commercial Discussion' Subject: RE: [Asterisk-Users] Asterisk behind NAT -- SIP config file The VPN approach might resolv a lot of nat issues I guess... Depending on the scenario I guess.. You could put another * box inside the second nat and interconnect using IAX, or if using a single phone, just use your setup, and finally, if using 2 or more phones and cant put a second * box, well, the vpn solution, I wonder how to do it if you have ATAs and nost softphone on the second NATted LAN.. Well... In time I guess :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rudolf Ladyzhenskii Sent: Viernes, 04 de Marzo de 2005 10:20 p.m. To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [Asterisk-Users] Asterisk behind NAT -- SIP config file >>Yes, only port 5060. If you do not forward 5060, you can not call this > phone >>from outside. Seem to work OK without other ports being forwarded. > > You mean on the remote sip phone firewall? What if there arem ore than > 1 sip phone on that network behidn that firewall? Then you are in trouble. Asterisk only sees single public IP address. As far as it concerns there is only single phone out there. If you get multiple phones working, let me know. Another option, I think, may be using VPN, but I have not tried that. Then you can potentially have remote SIP phones to be on the "virtual" network. > > Don't you need to forward ports 1-2 for voice? Or does the sip > phones just open up the ports from inside (by doing the in to out > calls and keep alives)? > I have mot tried to sniff on the traffic in details. I think, other ports are opened in responce to connection on port 5060. The only port listens at is port 5060. Rudolf ___ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] Asterisk behind NAT -- SIP config file
Good success story.. I'll keep in mind that router just in case. Thx David. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David J Carter Sent: Sábado, 05 de Marzo de 2005 04:18 a.m. To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: RE: [Asterisk-Users] Asterisk behind NAT -- SIP config file I have used the Draytek 2600V router in a few locations where only 1 or 2 phones are required. The router has 2 FXS ports and can be used locally to an * box or via the VPN to a remote * box. The VPN built into the routers just works, and I have 1 user who has had 3 VPN circuits up and running now for 6 months solid. Not bad in this day and age for an ADSL to stay functional for so long without interruptions. Dave -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Anton Krall Sent: 05 March 2005 04:56 To: 'Asterisk Users Mailing List - Non-Commercial Discussion' Subject: RE: [Asterisk-Users] Asterisk behind NAT -- SIP config file The VPN approach might resolv a lot of nat issues I guess... Depending on the scenario I guess.. You could put another * box inside the second nat and interconnect using IAX, or if using a single phone, just use your setup, and finally, if using 2 or more phones and cant put a second * box, well, the vpn solution, I wonder how to do it if you have ATAs and nost softphone on the second NATted LAN.. Well... In time I guess :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rudolf Ladyzhenskii Sent: Viernes, 04 de Marzo de 2005 10:20 p.m. To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [Asterisk-Users] Asterisk behind NAT -- SIP config file >>Yes, only port 5060. If you do not forward 5060, you can not call this > phone >>from outside. Seem to work OK without other ports being forwarded. > > You mean on the remote sip phone firewall? What if there arem ore than > 1 sip phone on that network behidn that firewall? Then you are in trouble. Asterisk only sees single public IP address. As far as it concerns there is only single phone out there. If you get multiple phones working, let me know. Another option, I think, may be using VPN, but I have not tried that. Then you can potentially have remote SIP phones to be on the "virtual" network. > > Don't you need to forward ports 1-2 for voice? Or does the sip > phones just open up the ports from inside (by doing the in to out > calls and keep alives)? > I have mot tried to sniff on the traffic in details. I think, other ports are opened in responce to connection on port 5060. The only port listens at is port 5060. Rudolf ___ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
